Lucene search
K

11 matches found

Packet Storm
Packet Storm
added 2017/09/14 12:0 a.m.37 views

Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection

require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within Util.pm. The vulnerability is triggered due to an unsanitiz...

10CVSS0.9AI score0.13072EPSS
Exploits7
exploitpack
exploitpack
added 2017/09/13 12:0 a.m.29 views

Alienvault OSSIM av-centerd 4.7.0 - get_log_line Command Injection (Metasploit)

Alienvault OSSIM av-centerd 4.7.0 - getlogline Command Injection Metasploit require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline...

0.9AI score0.13072EPSS
Exploits7
0day.today
0day.today
added 2017/09/13 12:0 a.m.38 views

Alienvault OSSIM av-centerd 4.7.0 - (get_log_line) Command Injection Exploit

Exploit for linux platform in category remote exploits require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within...

10CVSS0.4AI score0.13072EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/09/13 12:0 a.m.47 views

Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)

require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within Util.pm. The vulnerability is triggered due to an unsanitiz...

10CVSS7.4AI score0.13072EPSS
Exploits7
Prion
Prion
added 2014/08/21 2:55 p.m.12 views

Cross site request forgery (csrf)

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 remotetask or 2 getlicense request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805...

10CVSS7.6AI score0.72376EPSS
Exploits18References4Affected Software1
Check Point Advisories
Check Point Advisories
added 2014/07/20 12:0 a.m.51 views

AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...

10CVSS4AI score0.13072EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

AlienVault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution

No description provided by source. Exploit Title: AlienVault OSSIM 4.7.0 av-centerd 'getlogline' Remote Code Execution Date: 06/17/2014 Exploit Author: Alfredo Ramirez Vendor Homepage: http://www.alienvault.com/ Software Link: http://www.alienvault.com/open-threat-exchange/projects Version: 4.7.0...

10CVSS0.3AI score0.13072EPSS
Exploits7
exploitpack
exploitpack
added 2014/06/18 12:0 a.m.53 views

Alienvault Open Source SIEM (OSSIM) 4.7.0 - av-centerd get_log_line() Remote Code Execution

Alienvault Open Source SIEM OSSIM 4.7.0 - av-centerd getlogline Remote Code Execution Exploit Title: AlienVault OSSIM uri'AV/CC/Util' - proxy'https://172.26.22.2:40007/av-centerd' - getlogline'All', '423d7bea-cfbc-f7ea-fe52-272ff7ede3d2' ,'172.26.22.1', 'test', '/var/log/auth.log', '1;id;' -...

10CVSS0.4AI score0.13072EPSS
Exploits7
Exploit DB
Exploit DB
added 2014/06/18 12:0 a.m.39 views

Alienvault Open Source SIEM (OSSIM) &lt; 4.7.0 - av-centerd &#039;get_log_line()&#039; Remote Code Execution

Exploit Title: AlienVault OSSIM uri'AV/CC/Util' - proxy'https://172.26.22.2:40007/av-centerd' - getlogline'All', '423d7bea-cfbc-f7ea-fe52-272ff7ede3d2' ,'172.26.22.1', 'test', '/var/log/auth.log', '1;id;' - result; for @ $soapresponse0 print "$\n"; If vulnerable output will be: uid=0root gid=0roo...

10CVSS6.4AI score0.13072EPSS
Exploits7
Cvelist
Cvelist
added 2014/06/13 2:0 p.m.31 views

CVE-2014-3805

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...

7.2AI score0.13072EPSS
Exploits7References5
CVE
CVE
added 2014/06/13 2:0 p.m.57 views

CVE-2014-3805

CVE-2014-3805 affects AlienVault OSSIM (av-centerd SOAP service) prior to 4.7.0. The vulnerability is a command-injection flaw in the Util.pm get_license path (and related get_log_line/update_system/upgrade_pro_web flows) caused by unsanitized user input, allowing remote unauthenticated execution...

10CVSS7.3AI score0.13072EPSS
Exploits7References5Affected Software1
Rows per page
Query Builder